
# Production overrides for Django settings.
# The host and origin values below are placeholders; replace them with the
# real deployment values before this file is used.

# Debug error pages expose settings and stack traces, so keep this off.
DEBUG = False

# Host header allow-list: requests carrying any other Host value are rejected.
ALLOWED_HOSTS = [
    "your_domain.com",
    "your_ip",
]

# Override the development environment's CORS configuration.
# Do not allow every origin; only the exact origins listed below
# (scheme + host) may make cross-origin requests.
CORS_ALLOW_ALL_ORIGINS = False
CORS_ALLOWED_ORIGINS = [
    "https://your-frontend-domain.com",
    "https://api.your-domain.com",
]

# Additional security settings.
# Redirect plain-HTTP requests to HTTPS.
# NOTE(review): if TLS terminates at a proxy or load balancer, Django also
# needs SECURE_PROXY_SSL_HEADER to recognise forwarded requests as secure,
# otherwise this can cause a redirect loop. Confirm against the deployment,
# and only trust that header if the proxy always sets or strips it.
SECURE_SSL_REDIRECT = True

# Send the session and CSRF cookies over HTTPS connections only.
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True

# NOTE(review): no SECURE_HSTS_SECONDS is set in this block; consider enabling
# HSTS once HTTPS is confirmed to work for every host served.